-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feature: added --- sni Support TLS http2 and SNI #68
base: master
Are you sure you want to change the base?
Conversation
lib/Test/Nginx/Socket.pm
Outdated
@@ -2121,8 +2121,11 @@ sub gen_curl_cmd_from_req ($$) { | |||
push @args, '-sS'; | |||
} | |||
|
|||
if (use_http2($block)) { | |||
my $isHttp2 = use_http2($block); | |||
if ($isHttp2 && $isHttp2 == 1) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We do not use "camel case" identifier names in this Perl project. We use "snake case" consistently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I'll change it.
lib/Test/Nginx/Util.pm
Outdated
@@ -2499,6 +2502,11 @@ sub use_http2 ($) { | |||
bail_out("cannot use --- http2 with --- pipelined_requests"); | |||
} | |||
|
|||
if (defined $block->sni) { | |||
$block->set_value("test_nginx_enabled_http2_sni", 1); | |||
return 2; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The use_http2 function returns a boolean value. It's not a good idea to make it return more complex encodings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I'll change it.
lib/Test/Nginx/Socket.pm
Outdated
@@ -2193,6 +2196,10 @@ sub gen_curl_cmd_from_req ($$) { | |||
$link = "http://$server:$port$uri"; | |||
} | |||
|
|||
if (use_http2($block) == 2) { | |||
$link = "https://$ServerName:$ServerPortForClient$uri"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SSL support need proper server certificate and private keys. And it's a burden for the test writer to prepare such things themselves. We should make HTTP/2 over TLS test mode work on most of the existing test suite written for HTTP/1. So we should automatically generate such self-signed server certificate/key pair ourselves in the test scaffold.
lib/Test/Nginx/Socket.pm
Outdated
@@ -3991,6 +3998,10 @@ One can enable HTTP/2 mode for an individual test block by specifying the L<http | |||
|
|||
--- http2 | |||
|
|||
Enable SNI mode for an individual test block by specifying the L<sni> section, as in | |||
|
|||
--- sni |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm afraid --- tls
is a better name than --- sni
since we are not specifying a concrete SNI name here anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your review and comments. I'll change it.
@@ -2864,6 +2873,7 @@ The following sections are supported: | |||
=head2 http2 | |||
|
|||
Enforces the test scaffold to use the HTTP/2 wire protocol to send the test request. | |||
Also, you can set tls section using the HTTP/2 over TLS protocol and SNI(Server Name Indication). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we really need to mention SNI here? It can be implicit I think. The user cannot specify their own SNI names now anyway.
@@ -2191,6 +2196,10 @@ sub gen_curl_cmd_from_req ($$) { | |||
my $server = $ServerAddr; | |||
my $port = $ServerPortForClient; | |||
$link = "http://$server:$port$uri"; | |||
if (use_http2($block) && defined $block->tls) { | |||
my $server_name = $ServerName; | |||
$link = "https://$server_name:$port$uri"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I mentioned in my previous round of review, the test scaffold should automatically generate self-signed server certificate and key files and automatically make use of them in the automatically generated nginx.conf
. All such details should be transparent. Also, we can introduce a TEST_NGINX_USE_HTTP2_TLS=1
system environment to enable this for any existing tests without any edits in the tests themselves?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@agentzh I think it can be split into two parts. Listening on HTTPS/2 and making HTTPS/2 requests from Test::Nginx.
I have tests that are using custom certificates and want to keep it that way, but would like to make HTTPS/2 request from Test::Nginx to verify them. IMO those are two different problems.
I see the workaround in ssl_certificate_by_lua tests (using cosockets), but having first class support in Test::Nginx would be nice.
No description provided.